DHS Warns Of Telephony Denial Of Service (TDoS) Attacks

The FBI issued a warning back in January, and now the Department of Homeland Security (DHS) has followed suit.

A not-so new denial of service attack is once again attracting the attention of authorities. This latest incarnation utilizes the telephone system to inundate public sector entities, tying up the phone lines and preventing legitimate callers from gaining access, according to a Krebs on Security report.

According to the "situational awareness bulletin", issued in mid-March, the recent Telephony Denial of Service (TDoS) attacks are part of a broader extortion scheme. An individual phones, claiming to represent a collections company for payday loans. The alert describes the caller as someone with "a strong accent of some sort."

The caller then asks to speak with a current or former employee concerning an outstanding debt. When they fail in extort payment (usually in the amount of $5,000), they launch a TDoS attack, which slams the phone network with a stream of junk calls. The attacks can last for hours and have been known to end, then begin again some time later.

Security vendors Sonus and SecureLogix offer solutions for this type of phone attack, which typically occurs over Voice over Internet Protocol systems (VoIP). According to SecureLogix, "the FBI was first notified about this type of attack back in November of 2009. However, it is even more alarming that these voice-related, often VoIP, attacks against U.S. businesses and their customers are rapidly increasing in severity, sophistication, and frequency."

These TDoS incidents are much like recent Distributed Denial of Service (DDoS) attacks that can potentially act as a smokescreen to a more criminal enterprise. And public sector entities aren't the only ones at risk.

Back in 2010, a Florida dentist lost a reported $400,000 from his retirement account after he began receiving such calls.The FBI indicated at the time that the TDoS attack was meant as a "diversionary tactic, meant to tie up [his] line so that Ameritrade couldn’t reach him to authenticate the money transfer requests."

The new DHS alert recommends that any organization on the receiving end of such an attack contact the FBI immediately.